ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2019.0334
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2019-0334)
Resumen:	The remote host is missing an update for the 'microcode' package(s) announced via the MGASA-2019-0334 advisory.
Descripción:	Summary: The remote host is missing an update for the 'microcode' package(s) announced via the MGASA-2019-0334 advisory. Vulnerability Insight: This update provides the Intel 20191112 microcode release that adds the microcode side fixes and mitigations for at least the following security issues: A flaw was found in the implementation of SGX around the access control of protected memory. A local attacker of a system with SGX enabled and an affected intel GPU with the ability to execute code is able to infer the contents of the SGX protected memory (CVE-2019-0117). TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135). Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access (CVE-2019-11139). Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access (CVE-2018-12207). TA Indirect Sharing Erratum (Information Leak) Incomplete fixes for previous MDS mitigations (VERW) SHUF* instruction implementation flaw (DoS) EGETKEY Erratum Conditional Jump Macro-fusion (DoS or Privilege Escalation) For the software side fixes and mitigations of these issues, the kernel must be updated to 5.3.13-1.mga7 (mga$?25686) or later. Affected Software/OS: 'microcode' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 4.9 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-12207 Bugtraq: 20200114 [SECURITY] [DSA 4602-1] xen security update (Google Search) https://seclists.org/bugtraq/2020/Jan/21 https://support.f5.com/csp/article/K17269881?utm_source=f5support&utm_medium=RSS Debian Security Information: DSA-4602 (Google Search) https://www.debian.org/security/2020/dsa-4602 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/ https://security.gentoo.org/glsa/202003-56 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00210.html https://www.oracle.com/security-alerts/cpujul2020.html RedHat Security Advisories: RHSA-2019:3916 https://access.redhat.com/errata/RHSA-2019:3916 RedHat Security Advisories: RHSA-2019:3936 https://access.redhat.com/errata/RHSA-2019:3936 RedHat Security Advisories: RHSA-2019:3941 https://access.redhat.com/errata/RHSA-2019:3941 RedHat Security Advisories: RHSA-2020:0026 https://access.redhat.com/errata/RHSA-2020:0026 RedHat Security Advisories: RHSA-2020:0028 https://access.redhat.com/errata/RHSA-2020:0028 RedHat Security Advisories: RHSA-2020:0204 https://access.redhat.com/errata/RHSA-2020:0204 SuSE Security Announcement: openSUSE-SU-2019:2710 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html https://usn.ubuntu.com/4186-2/ Common Vulnerability Exposure (CVE) ID: CVE-2019-0117 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html Common Vulnerability Exposure (CVE) ID: CVE-2019-11135 Bugtraq: 20191118 [slackware-security] Slackware 14.2 kernel (SSA:2019-320-01) (Google Search) https://seclists.org/bugtraq/2019/Nov/26 Bugtraq: 20191216 [SECURITY] [DSA 4565-2] intel-microcode security update (Google Search) https://seclists.org/bugtraq/2019/Dec/28 https://kc.mcafee.com/corporate/index?page=content&id=SB10306 https://support.f5.com/csp/article/K02912734?utm_source=f5support&utm_medium=RSS https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03968en_us http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html https://www.oracle.com/security-alerts/cpujan2021.html https://lists.debian.org/debian-lts-announce/2019/12/msg00035.html http://www.openwall.com/lists/oss-security/2019/12/10/3 http://www.openwall.com/lists/oss-security/2019/12/10/4 http://www.openwall.com/lists/oss-security/2019/12/11/1 RedHat Security Advisories: RHSA-2020:0279 https://access.redhat.com/errata/RHSA-2020:0279 RedHat Security Advisories: RHSA-2020:0366 https://access.redhat.com/errata/RHSA-2020:0366 RedHat Security Advisories: RHSA-2020:0555 https://access.redhat.com/errata/RHSA-2020:0555 RedHat Security Advisories: RHSA-2020:0666 https://access.redhat.com/errata/RHSA-2020:0666 RedHat Security Advisories: RHSA-2020:0730 https://access.redhat.com/errata/RHSA-2020:0730 SuSE Security Announcement: openSUSE-SU-2019:2527 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00046.html SuSE Security Announcement: openSUSE-SU-2019:2528 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00045.html Common Vulnerability Exposure (CVE) ID: CVE-2019-11139 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.